Having a security plugin such as WordFence or iThemes Security is always advisable, but an extra precaution to protect your website from hackers or bots trying to log in is even better. You then make it a lot harder for the hackers to get in and that’s exactly something everyone wants, right?
If your WP admin login screen can be found at http://jedomeinnaam.nl/wp-admin then I have good and bad news. And as always, we start with the bad news first to get rid of it right away.
The bad news, as indicated, is that everyone (including hackers) knows where to find the login page. In fact, it is the default login page for all WordPress websites. Malicious bots scan all domains daily to find the login page. Then you also have admin or your domain name as your username AND an easy password – big chance they will come in and screw up all kinds of things. You don’t want that.
The good news is – you can change your login page within 5 minutes which will make it just a little harder for bots and hackers to log in.
How to create a personal login page for WordPress?
Step 1: Download a plugin to customize the location of your login page.
There are a few plugins available but personally I have had good experiences with Move Login. This is a highly regarded plugin, works securely, is updated regularly and is compatible with the latest version of WordPress.
Step 2: Go to the plugin settings and change the URL of the login page.
Once the plugin is activated, you can change the settings by going to Settings -> Move Login. Here you can at least change the login location however if you want ultimate protection against hackers and malicious bots, you can change all the options. Try to make the links unique but also that you still remember it once it is changed.
Step 3: Come up with some great links
Make the links so that they cannot be easily found by unauthorized persons. It is important that you can remember them as well because the old login page will not be found after this change.
Step 4: Adjust referrals
When someone tries to log in who has nothing to do on your website, make sure they are notified or redirected to the main page.
It was! In four steps, you have made sure that those terrible hackers can no longer find the login page. If you want even more security, then this blog post about WordFence – the plugin that ensures a well-secured WordPress site is also interesting to read.
Now if something goes wrong with Move Login, such as forgetting your login page, you can remove the plugin via FTP. The changes will then expire and the original pages (wp-admin) will be findable again.
Are you already using another login page? What steps have you taken to secure your WordPress site from hackers and malicious bots?